On Thu, 19 Sep 2013, keld wrote:
So first things first, let's start with a proper threat analysis.
I don't know how to write such an analysis, and it seems like red tape to me.
I am just advocating that we migrate SMTP to TLS, and then I want a plan
that could evolve into an succesful migration, without hurting
interoperablity.
What Rolf was saying is that in this thread we were trying to come up
with a solution, without first having defined the problem we were trying
to solve. That is, without having defined a threat model we wanted to
defend against.
One such threat model could be a third party reading the content of a
conversation. A defense against such a threat could be the encryption of
the message content, for instance by using PGP.
Another threat model could be anyone being able to determine the location
of the sender. A defense against such a threat could be to use an
anonimity network like Tor to log into a webmail service and use that to
send email.
So you should first identify a threat model and then we can discuss
defenses against them. If your threat model is government surveillance,
then I don't think TLS is a solution.
As many others have tirelessly tried to explain in this thread: if you
don't want to risk your message being intercepted by third parties, some
kind of always-use-TLS-pretty-please flag won't offer adequate protection.
If you can live with this risk, you're unlikely to want to risk losing the
email.
Martijn.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp